Threat Intelligence Database
Comprehensive database of the latest cyber threats affecting organizations worldwide. Filter and search to find specific threat intelligence relevant to your organization.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Search Results: "rundll32.exe"
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-25865: Unquoted Search Path or Element in Yandex Punto SwitcherCVE-2026-25865 0 Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll Control_RunDLL input.dll. Attackers can place a malicious executable earlier in the search order to achieve arbitrary code execution in the context of the affected user. Join the discussion | CVE Database V5 | 06/18/2026, 19:39:14 UTC Added: 06/18/2026, 19:51:23 UTC |
Russian Ruse: ValleyRAT Hits China via Fake Microsoft Teams Attack 0 The Chinese APT group Silver Fox has launched an SEO poisoning campaign targeting Chinese-speaking users, impersonating Microsoft Teams. The campaign uses a modified ValleyRAT loader with Cyrillic elements to mislead attribution. Silver Fox aims to conduct espionage and financial fraud, posing a significant threat due to its dual mission. The attack chain involves a fake Teams website, malicious ZIP files, and binary data retrieval from XML and JSON files. The malware exploits rundll32.exe for binary proxy execution and establishes C2 communication. Attribution to Silver Fox is based on overlapping infrastructure and links to previous campaigns. Organizations with global operations, especially in China, are advised to implement robust security measures and logging capabilities to defend against this evolving threat. Join the discussion | AlienVault OTX General | 12/10/2025, 17:22:42 UTC Added: 12/11/2025, 09:08:56 UTC |
CVE-2025-66576: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Remotecontrolio Remote Keyboard DesktopCVE-2025-66576 0 Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution. Join the discussion | CVE Database V5 | 12/04/2025, 20:46:33 UTC Added: 12/04/2025, 20:53:51 UTC |
Threat Actors Leverage SEO Poisoning and Malicious Ads to Distribute Backdoored Microsoft Teams Installers 0 A new campaign is distributing the Oyster (Broomstick) backdoor through trojanized Microsoft Teams installers. Threat actors are using SEO poisoning and malvertising to trick users into downloading fake installers from spoofed websites. The malicious installers deploy a persistent backdoor that enables remote access, gathers system information, and supports additional payload delivery while evading detection. This tactic mirrors earlier fake PuTTY campaigns, showing a trend of abusing trusted software for initial access. The backdoor communicates with attacker-controlled C2 domains and uses DLL sideloading via rundll32.exe for stealthy execution. Organizations are advised to download software only from verified sources and avoid relying on search engine advertisements. Join the discussion | AlienVault OTX General | 10/02/2025, 10:24:47 UTC Added: 10/02/2025, 10:27:46 UTC |
Showing 1 to 4 of 4 results